#29419: Document the change in permissions required to perform admin actions
-------------------------------------+-------------------------------------
Reporter: Paulo | Owner: Hiroki
| Kiyohara
Type: Bug | Status: assigned
Component: Documentation | Version: 2.1
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Carlton Gibson):
The previous behaviour here is to show all actions regardless of
permissions. If then you (for example) try to delete objects without the
delete permission you'll hit a permission denied error.
The ''idea'' in the PR is that actions won't be available to read-only
users, and that ''change'' will imply e.g. ''delete''. Whilst nice in
theory, neither of those seem to be true.
There's no current mechanism for actions to specify their permissions.
That might be a good addition as a separate feature. We could then filter
displayed actions on that basis.
For now, the consistent thing would seem to be to continue to display all
actions regardless of permission levels, allowing that users may run into
permission denied errors, as they will have up to now.
--
Ticket URL: <https://code.djangoproject.com/ticket/29419#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/066.894aa66191ea9f6f633793b8d10b00cb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.